Data Security at HPE Government Summit

By Cynthia Leonard
March 16, 2017

March is here, spring is in the air, and it’s time for Hewlett Packard Enterprise Software Government Summit 2017, taking place in Washington, DC, on Wednesday, March 22. The Government Summit is the premier US government technology showcase of the year. Government entities, much like their business counterparts, are starting to recognize that Cloud adoption, bolstered security, harnessing Big Data and delivering mobile services are essential to modern service delivery. Attendees of the Government Summit can hear about real-life experiences from successful agencies using IT to propel their businesses further, faster.

Even though this is a one-day event, it has a stacked agenda. The Government Summit is divided into six tracks. The first track centers on using IoT, Big Data Analytics and Information Management to course-correct and continually improve Federal “Digital First” initiatives. The second track discusses enhancing Federal software security assurance in the age of DevOps, Mobile, IoT and Cloud. The third track features the power of Security Data Analytics. Track four focuses on protecting Government Business Initiatives and how to meet the Cybersecurity Act of 2015. Track five highlights accelerating the shift to DevOps in support of secure innovation on a government budget. The last track is about balancing innovation and risk against data center consolidation and “Cloudfirst” mandates with Hybrid Cloud.

That is a great lineup; however, it is track four that is near and dear to Data Security’s heart, in that it talks about protecting an entity’s most valuable asset, the data. Just like their enterprise counterparts, Government agencies need to protect sensitive personally identifiable information (PII) and other high-value (classified) data from data breaches and insider threats in their existing systems. The challenge is to achieve protection while still allowing inter-agency sharing, big data analytics, cloud and innovation to grow. This challenge can be met with the best practice of using data-centric security.

Government entities need Data-centric Security

Federal and state government agencies disclosed a total of 203 data breaches between 2010 and 2016. Attackers include nation-states, activists, for-profit hackers and malicious insiders. Perimeter security is unable to stop them, especially malicious insiders, who by definition are already inside the network. Point solutions that protect data on a disk or in an application are just as ineffective, because they cannot protect data in motion or while it is in use.

A data-centric approach to security allows companies or Government agencies to mitigate the risks from cyberattacks, such as advanced malware, insider threats, and other attempts to get sensitive information. Data-centric security works by encrypting all sensitive data as it enters a system. This encryption stays with the data whether it is at rest, in motion or in use, including as it moves in and out of the cloud, not just where it is stored. This way, if an attacker accesses the data, they get nothing of value. The ability to neutralize a breach by rendering data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure. Credentials that never need to be recovered in clear form should be strongly protected with state-of-the-art methods, for example, strong standards-based keyed hashing.

Data-centric security utilizes technology such as format-preserving encryption (FPE), a data protection algorithm that encrypts data while preserving its format. It transforms data that is formatted as a sequence of symbols in such a way that the encrypted form of the data has the same format and length as the original data. Since there is no change in the data format, retrofitting FPE to legacy applications is far simpler than with conventional encryption, which would change the data format. FPE is based on strong FFX (Feistel-based) encryption modes. The “X” in FFX indicates the flexibility to instantiate the framework with different parameter sets. FPE is a NIST-approved encryption standard that is derived from the AES 128-bit block algorithm.

With FPE, sensitive data and even communication protocols can be encrypted without breaking application frameworks, while retaining the usability of the actual data for analytics and business intelligence without requiring decryption. Data-centric security controls let organizations protect valuable data assets and gain data-rich analytic insight without risk.

Data Security Tracks at the Government Summit:

Using Data-Centric Security to Protect Big Data, Hadoop, Cloud, Mobile and IoT initiatives
HPE Security – Data Security has been the leader in the development of Format-Preserving Encryption (FPE), enabling hundreds of major global enterprises to protect data across the enterprise while preserving business processes and key big data, cloud, mobile and IoT initiatives. With FPE technology becoming a NIST standard, this technology is now available to protect Government agencies’ high-value data.

Neutralizing Data Breaches and Insider Threats Through HPE SecureData
Discover how to neutralize data breaches and insider threats by protecting high-value data across platforms and applications. HPE SecureData with Hyper FPE “de-identifies” sensitive data from the point of capture, rendering it useless to attackers while maintaining its usability and referential integrity for data processes, applications, services and new initiatives.

Protecting data-at-rest across the Government
Protecting data-at-rest is so important. Learn about the “perfect storm”, what analysts have concluded, and discuss how HPE Enterprise Secure Key Manager (ESKM) helps to protect data, eliminate risk, and reduce your operational and capital costs.